Welcome to the Azure Security Monitoring knowledge base! The CUIT Cybersecurity team has built this security monitoring process to detect security vulnerabilities or misconfigurations in the Azure Cloud. Each alert has a criticality assigned to show how to prioritize the detected issue. A description and remediation are also provided in each alert to guide you, as the subscription owner, on how to solve the issue at hand. Additionally, each alert has references to the Azure Support Site, CIS Benchmark or MITRE ATT&CK framework, which were the team's sources for building the monitoring alerts. Below is a search bar which will let you type in the alert name and find additional information about the event. On the left you can see a drop-down under Azure Security Monitoring; this gives you access to a comprehensive list of the detections we use in our monitoring.
What do I do if I received a security alert?

1. Type in the name of your alert in the search box below. The name is found in the subject line of the alert email.
2. Select the alert that matches.
3. You will see a description of why the alert was raised, and what you can do to solve the issue.
4. If the remediation steps are not clear, please visit the reference link(s) to learn more. If you still need help, please email cybersec@columbia.edu
Azure Security Best Practices

We have compiled the following list of best practices to provide a security foundation to Azure subscription owners. These controls are designed to limit exposure and reduce the attack surface of your cloud resources.

- Run Antivirus or Anti-Malware on virtual machines
- Limit public resources
- Limit the regions in which resources are provisioned: Since Columbia University operates out of the United States, from a legal perspective it is in the University's best interest to host data within the same region. Deploying workloads to regions outside of the US will require an exception; you can find that process to the left of this page.
- Leverage University login systems and multi-factor authentication
- No Public IPs on Virtual Machines: Security best practice is to limit which network ports on virtual machines are accessible to the world. To facilitate applications which need to be publicly accessible, a load balancer should be used to provide that connectivity. This will also provide you additional features such as distribution of workload and high availability.